Jump to content
Welcome to our new Citrix community!
  • 1

SSL Error 47 / sslv3 alert handshake failure with upgrade to 1904


Brian Hart1709160094

Question

Like a dummy, I followed the automated prompt Citrix popped up to upgrade my client. This upgrade was to 1904, probably from 1903. Now I cannot connect. I have no idea what products are running on the host, so ; I am just a user. Images included. I uninstalled Citrix Workspace, ran the Citrix Receiver Cleanup, and reinstalled. No go. Repeat, but installed 1903. Now it works.

 

What is happening with SSL and 1904?

Citrix SSL error 2019-05-21.png

Link to comment

6 answers to this question

Recommended Posts

  • 0
2 hours ago, Carl Stalhood1709151912 said:

Most likely your Citrix admins need to update the ciphers on their NetScaler.  https://www.citrix.com/blogs/2018/05/16/scoring-an-a-at-ssllabs-com-with-citrix-netscaler-q2-2018-update/

I saw post posts related to that, but they all seemed to be things that should have failed prior to the very newly-issued version 1904. Are you saying that the ciphers are not compatible only with 1904, not with 1903?

 

And I should clarify that I am the only one (that I know of) having the problem of about 15 users for this company and perhaps up to a few hundred for all users having their services for this particular hosted application on the particular Cloud services servers. At least, I was completely unable to connect because of this as soon as I upgraded from 1903 to 1904, but nobody has posted anything on the software forum regarding the issue, so it is highly unlikely that anyone else is seeing the issue if it is on the server side.

 

I suppose it is possible that I am the only one that upgraded to 1904, but that is also unlikely. I am not saying it is not a ciphers issue; I could be the only one of many that upgraded, or it could be that our particular server in the (presumably) many in the particular software vendor's set of servers on the cloud was missed with some cipher reconfiguration that had no effect until 1904.

Link to comment
  • 0
4 hours ago, Carl Stalhood1709151912 said:

Yes, Workspace app 1904 reduced the ciphers that it supports - https://support.citrix.com/article/CTX250104

Thank you. Now I found from other users that we are supposed to be using the Receiver only. But I know for a fact that I installed the Receiver originally and could swear that I have done nothing else but accept automatic/recommended updates as they have arrived. Did Citrix throw in a remove-Receiver-install-Workspace automatic update for Receiver at some point?

Link to comment
  • 0

Similar Problem:

ECC Zertificate from Sectico has as intermediates also ECC Certificates, but as root certificate in the chain Sectico uses an RSA certificate. Firefox and Chrome work with that constellation, Receiver not. Citrix Receiver / Workspace tells "SSL Error 47: The Server send an SSL-Warning: ssslv3 alert handshake failure" when connecting to the VDA.

Result: Receiver and Workspace need all certificate in the chain as ECC, if one in the chain is not ECC the certificate is not working. Our case  match the problem cause from https://support.citrix.com/article/CTX231492. All certificates in the chain has to be ECC type. Sectico ECC certificate chain fullfills not the technical requirements of the Receiver/Workspace.

So we changed back to an RSA certificate on the netcaler, and everthing is working fine.

 

Greets Hilmar

Wiorspace ECC Certificate issue.png

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...